docs/papr-pef.txt | 30 ------------------------------ docs/system/ppc/pseries.rst | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 30 deletions(-) delete mode 100644 docs/papr-pef.txt
The Protected Execution Facility is only available with the pseries
machine, so let's merge the old ASCII text into the new RST file now.
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
docs/papr-pef.txt | 30 ------------------------------
docs/system/ppc/pseries.rst | 33 +++++++++++++++++++++++++++++++++
2 files changed, 33 insertions(+), 30 deletions(-)
delete mode 100644 docs/papr-pef.txt
diff --git a/docs/papr-pef.txt b/docs/papr-pef.txt
deleted file mode 100644
index 72550e9bf8..0000000000
--- a/docs/papr-pef.txt
+++ /dev/null
@@ -1,30 +0,0 @@
-POWER (PAPR) Protected Execution Facility (PEF)
-===============================================
-
-Protected Execution Facility (PEF), also known as Secure Guest support
-is a feature found on IBM POWER9 and POWER10 processors.
-
-If a suitable firmware including an Ultravisor is installed, it adds
-an extra memory protection mode to the CPU. The ultravisor manages a
-pool of secure memory which cannot be accessed by the hypervisor.
-
-When this feature is enabled in QEMU, a guest can use ultracalls to
-enter "secure mode". This transfers most of its memory to secure
-memory, where it cannot be eavesdropped by a compromised hypervisor.
-
-Launching
----------
-
-To launch a guest which will be permitted to enter PEF secure mode:
-
-# ${QEMU} \
- -object pef-guest,id=pef0 \
- -machine confidential-guest-support=pef0 \
- ...
-
-Live Migration
-----------------
-
-Live migration is not yet implemented for PEF guests. For
-consistency, we currently prevent migration if the PEF feature is
-enabled, whether or not the guest has actually entered secure mode.
diff --git a/docs/system/ppc/pseries.rst b/docs/system/ppc/pseries.rst
index 72e315eff6..16394fa521 100644
--- a/docs/system/ppc/pseries.rst
+++ b/docs/system/ppc/pseries.rst
@@ -230,6 +230,39 @@ nested. Combinations not shown in the table are not available.
.. [3] Introduced on Power10 machines.
+
+POWER (PAPR) Protected Execution Facility (PEF)
+-----------------------------------------------
+
+Protected Execution Facility (PEF), also known as Secure Guest support
+is a feature found on IBM POWER9 and POWER10 processors.
+
+If a suitable firmware including an Ultravisor is installed, it adds
+an extra memory protection mode to the CPU. The ultravisor manages a
+pool of secure memory which cannot be accessed by the hypervisor.
+
+When this feature is enabled in QEMU, a guest can use ultracalls to
+enter "secure mode". This transfers most of its memory to secure
+memory, where it cannot be eavesdropped by a compromised hypervisor.
+
+Launching
+^^^^^^^^^
+
+To launch a guest which will be permitted to enter PEF secure mode::
+
+ $ qemu-system-ppc64 \
+ -object pef-guest,id=pef0 \
+ -machine confidential-guest-support=pef0 \
+ ...
+
+Live Migration
+^^^^^^^^^^^^^^
+
+Live migration is not yet implemented for PEF guests. For
+consistency, QEMU currently prevents migration if the PEF feature is
+enabled, whether or not the guest has actually entered secure mode.
+
+
Maintainer contact information
------------------------------
--
2.27.0
On 1/5/22 11:32, Thomas Huth wrote: > The Protected Execution Facility is only available with the pseries > machine, so let's merge the old ASCII text into the new RST file now. > > Signed-off-by: Thomas Huth <thuth@redhat.com> Applied to ppc7.0. Thanks, C.
On 1/5/22 07:32, Thomas Huth wrote: > The Protected Execution Facility is only available with the pseries > machine, so let's merge the old ASCII text into the new RST file now. > > Signed-off-by: Thomas Huth <thuth@redhat.com> > --- Well observed. Thanks for fixing it. Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> > docs/papr-pef.txt | 30 ------------------------------ > docs/system/ppc/pseries.rst | 33 +++++++++++++++++++++++++++++++++ > 2 files changed, 33 insertions(+), 30 deletions(-) > delete mode 100644 docs/papr-pef.txt > > diff --git a/docs/papr-pef.txt b/docs/papr-pef.txt > deleted file mode 100644 > index 72550e9bf8..0000000000 > --- a/docs/papr-pef.txt > +++ /dev/null > @@ -1,30 +0,0 @@ > -POWER (PAPR) Protected Execution Facility (PEF) > -=============================================== > - > -Protected Execution Facility (PEF), also known as Secure Guest support > -is a feature found on IBM POWER9 and POWER10 processors. > - > -If a suitable firmware including an Ultravisor is installed, it adds > -an extra memory protection mode to the CPU. The ultravisor manages a > -pool of secure memory which cannot be accessed by the hypervisor. > - > -When this feature is enabled in QEMU, a guest can use ultracalls to > -enter "secure mode". This transfers most of its memory to secure > -memory, where it cannot be eavesdropped by a compromised hypervisor. > - > -Launching > ---------- > - > -To launch a guest which will be permitted to enter PEF secure mode: > - > -# ${QEMU} \ > - -object pef-guest,id=pef0 \ > - -machine confidential-guest-support=pef0 \ > - ... > - > -Live Migration > ----------------- > - > -Live migration is not yet implemented for PEF guests. For > -consistency, we currently prevent migration if the PEF feature is > -enabled, whether or not the guest has actually entered secure mode. > diff --git a/docs/system/ppc/pseries.rst b/docs/system/ppc/pseries.rst > index 72e315eff6..16394fa521 100644 > --- a/docs/system/ppc/pseries.rst > +++ b/docs/system/ppc/pseries.rst > @@ -230,6 +230,39 @@ nested. Combinations not shown in the table are not available. > > .. [3] Introduced on Power10 machines. > > + > +POWER (PAPR) Protected Execution Facility (PEF) > +----------------------------------------------- > + > +Protected Execution Facility (PEF), also known as Secure Guest support > +is a feature found on IBM POWER9 and POWER10 processors. > + > +If a suitable firmware including an Ultravisor is installed, it adds > +an extra memory protection mode to the CPU. The ultravisor manages a > +pool of secure memory which cannot be accessed by the hypervisor. > + > +When this feature is enabled in QEMU, a guest can use ultracalls to > +enter "secure mode". This transfers most of its memory to secure > +memory, where it cannot be eavesdropped by a compromised hypervisor. > + > +Launching > +^^^^^^^^^ > + > +To launch a guest which will be permitted to enter PEF secure mode:: > + > + $ qemu-system-ppc64 \ > + -object pef-guest,id=pef0 \ > + -machine confidential-guest-support=pef0 \ > + ... > + > +Live Migration > +^^^^^^^^^^^^^^ > + > +Live migration is not yet implemented for PEF guests. For > +consistency, QEMU currently prevents migration if the PEF feature is > +enabled, whether or not the guest has actually entered secure mode. > + > + > Maintainer contact information > ------------------------------ >
© 2016 - 2024 Red Hat, Inc.